The Enemy Within: Firewalls and Backdoors

This article presents an overview of modern backdoor techniques, discusses how they can be used to bypass the security infrastructure that exists in most network deployments and issues a wake-up call for those relying on current technologies to safeguard their systems/networks.


Beginner’s Guide to Wireless Auditing

David Maynor 2006-09-19


Since our talks at Black Hat Vegas and DEFCON, Jon Ellch and I have been peppered with questions regarding how to find vulnerabilities in wireless device drivers and the specific techniques that were employed. Rather than answer these questions one at a time, an article seemed a better course of action. In this first article, we will discuss how to build an auditing environment, how to construct fuzzing tools and, finally, how to interpret the results.

Security in PHP

In late 2006 and early 2007, security in PHP became a hot topic. Kelly Martin, in the article PHP apps: Security’s Low-Hanging Fruit, brings to light several facts about security in PHP. Some interesting ones:

  • PHP accounted for up to 43% of security issues in 2006, according to the National Institute of Standards and Technology (NIST).
  • Common web development security problems, namely cross-site scripting (XSS), include file injection vulnerabilities, and database injection, or similar manipulation, are easy to carry out in PHP.
  • Poor programming is one of the main contributors; many PHP developers underestimate the security aspects of their programs.
  • Stefan Esser left the internal PHP security team on 9 December 2006. The main problem for him was the PHP Group's slow response to security issues in PHP. He was one of the founders of that team.
  • Stefan Esser's Suhosin project is quite promising for hardening PHP scripts; it is highly recommended if you run PHP hosting (hosting services) or can access/install PHP directly on the server.

So, don't take the security of your PHP source code lightly, lulled by how easy the language is to learn 🙂

Happy coding!